Simple Concept, Complex Technology

Netscape Communicator 4.0 gives users the most powerful and flexible data security. For a secure communication across the Internet, Netscape developed Secure Socket Layer (SSL), which utilizes encryption.

Web browsers, for example, routinely encrypt credit card numbers and other sensitive information when helping perform online purchases. The encrypted data goes to an online merchant, who decrypts the message and processes the order.

SSL makes sure traffic between the two hosts is not modified in transit. It uses a technique called "hashing" to ensure that message integrity is guaranteed.

Mutual authentication is guaranteed by SSL digital certificates, which are exchanged by the communicating machines at the time they initiate connection.

SSL offers potentially broader security, since it works on a network-transport level. Any program conversing over the network can use SSL, which sets up a safe passageway or tunnel between a client and server. Once erected, everything traveling within the tunnel is secure from outsiders.

PGP (Pretty Good Privacy) for Personal Privacy, written by Phillip Zimmerman in 1991, allows users to encrypt and decrypt files on demand. PGP combines multiple encryption algorithms, most notably those based on RSA Data Security's public key. According to the company, PGP automatically integrates with popular e-mail clients, such as Eudora (Pro or Light Versions) and Microsoft's Exchange.

In September, PGP Inc. released its Business Security Suite -- a trial version of security applications available over the Net for DOS, Windows, OS/2, UNIX and Mac systems.

For additional information, contact Internet: .

Ravlin 10

A growing number of organizations are seeking another innovative and economical alternative -- the virtual private network (VPN). VPNs involve a vendor that controls the Internet connection at both ends, including protocol and secured encryption keys. VPNs use TCP/IP "tunneling" to let users dial in to their offices via the Internet.

RedCreek's Ravlin 10 encryption hardware and software let users create a secure VPN. It is interoperable with firewalls and routers and provides data encryption without slowing the network. According to the company, this lets users create secure virtual private networks without forcing them to make radical changes.

Ravlin 10 allows the establishment of secure VPNs over both private and public networks, and it uses standard DES encryption, authentication and access control using digital signature standards and X.509 digital certificates.

Longer keys and more complex algorithms are clearly required for meaningful security, but proposals for government access to data are having the opposite effect.

Some government and law enforcement agencies want to keep strong encryption out of the hands of terrorists and other criminals. As a result, a mandatory key escrow has been proposed, whereby government agencies would keep a sort of "skeleton key" to all encrypted data. The FBI wants "realtime" access to all encrypted communications.

Privacy advocates understandably worry that as voice and data networks increasingly carry a larger share of the nation's communications traffic, government agencies will be able to access private networks without safeguards.

Encryption is also grabbing headlines elsewhere. Other countries are contemplating similar moves. The European Union is launching a pilot project called EuroTrust, which could be the first step in creating a single authority to manage the copies of private keys necessary for back-door access to all computer data.

In the most extreme example, France has outlawed the use of encryption of any kind. So in the final analysis, encryption is not just a matter of technology and bit length, but a political, social and policy issue that will become more prominent as global electronic commerce increases and as computer networks reach into more and more homes, businesses and government agencies. *